There's a draft RFC that folks should look at: ftp://ds.internic.net/internet-drafts/draft-ietf-security-randomness-01.txt It's expired, and I know it will be updated, but the information in it is still worth having.